Админ: управление caption, баллами, список постов

This commit is contained in:
2026-05-29 12:43:37 +03:00
parent 12701ffbc2
commit cfc6001d62
3 changed files with 228 additions and 63 deletions

View File

@@ -4,45 +4,70 @@ import { authMiddleware, adminOnly, AuthRequest } from '../middleware/auth.js';
const router = Router();
// All routes require admin
router.use(authMiddleware, adminOnly);
// Get all users
router.get('/users', (req: AuthRequest, res: Response) => {
// ── Users ──
router.get('/users', (_req: AuthRequest, res: Response) => {
const users = queryAll(
'SELECT id, username, points, is_admin, created_at FROM users ORDER BY points DESC'
);
res.json({ users });
});
// Delete any cat
router.delete('/cats/:id', (req: AuthRequest, res: Response) => {
const cat = queryOne('SELECT id FROM cats WHERE id = ?', [req.params.id]);
if (!cat) {
res.status(404).json({ error: 'Cat not found' });
router.put('/users/:id/points', (req: AuthRequest, res: Response) => {
const userId = parseInt(req.params.id);
const { points } = req.body;
if (points === undefined || points < 0) {
res.status(400).json({ error: 'Укажите points (>= 0)' });
return;
}
execute('DELETE FROM likes WHERE cat_id = ?', [req.params.id]);
execute('DELETE FROM cats WHERE id = ?', [req.params.id]);
res.json({ ok: true });
const user = queryOne('SELECT id, username, is_admin FROM users WHERE id = ?', [userId]);
if (!user) { res.status(404).json({ error: 'User not found' }); return; }
if (user.is_admin) { res.status(400).json({ error: 'Cannot modify admin' }); return; }
execute('UPDATE users SET points = ? WHERE id = ?', [points, userId]);
res.json({ ok: true, points });
});
// Ban user (delete their cats and likes)
router.delete('/users/:id', (req: AuthRequest, res: Response) => {
const userId = parseInt(req.params.id);
const user = queryOne('SELECT id, username, is_admin FROM users WHERE id = ?', [userId]);
if (!user) {
res.status(404).json({ error: 'User not found' });
return;
}
if (user.is_admin) {
res.status(400).json({ error: 'Cannot delete admin' });
return;
}
if (!user) { res.status(404).json({ error: 'User not found' }); return; }
if (user.is_admin) { res.status(400).json({ error: 'Cannot delete admin' }); return; }
execute('DELETE FROM likes WHERE cat_id IN (SELECT id FROM cats WHERE user_id = ?)', [userId]);
execute('DELETE FROM cats WHERE user_id = ?', [userId]);
execute('DELETE FROM users WHERE id = ?', [userId]);
res.json({ ok: true });
});
// ── Cats ──
router.get('/cats', (_req: AuthRequest, res: Response) => {
const cats = queryAll(
`SELECT c.id, c.image_url, c.caption, c.created_at, c.user_id,
u.username, u.points AS user_points,
(SELECT COUNT(*) FROM likes WHERE cat_id = c.id) AS likes_count
FROM cats c JOIN users u ON u.id = c.user_id
ORDER BY c.created_at DESC`
);
res.json({ cats });
});
router.put('/cats/:id/caption', (req: AuthRequest, res: Response) => {
const catId = parseInt(req.params.id);
const { caption } = req.body;
const cat = queryOne('SELECT id FROM cats WHERE id = ?', [catId]);
if (!cat) { res.status(404).json({ error: 'Cat not found' }); return; }
execute('UPDATE cats SET caption = ? WHERE id = ?', [(caption || '').trim(), catId]);
res.json({ ok: true, caption: (caption || '').trim() });
});
router.delete('/cats/:id', (req: AuthRequest, res: Response) => {
const cat = queryOne('SELECT id FROM cats WHERE id = ?', [req.params.id]);
if (!cat) { res.status(404).json({ error: 'Cat not found' }); return; }
execute('DELETE FROM likes WHERE cat_id = ?', [req.params.id]);
execute('DELETE FROM cats WHERE id = ?', [req.params.id]);
res.json({ ok: true });
});
export default router;